Re: [Astlinux-devel] Tailscale package?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi David,

Good to hear the binary tailscale package on astlinux works well.

It does look like tailscale uses the go.lang version of WireGuard, not the kernel version.

As for the odd reverse iperf3 stats with tailscale, my only theory is there may a multi-homed network path that iperf3 is using, so not all the iperf3 data is going over tailscale.  Only a guess.

Looking only at sending (kernel/Go.lang) 450/330 and 3.75/2.0 there is a quite significant difference when speed is needed.  If simple connectivity is only required then the difference is not noticeable.

Thanks for the testing.

Lonnie

> On Jun 1, 2025, at 5:34 PM, David Kerr <Da...@Ke...> wrote:
> 
> I tested the binary tailscale package on astlinux and it works well.  I started with a remote hosted VM Ubuntu 24.04 (on RackNerd... they are dirt cheap).  I installed both wireguard and tailscale onto this VM, and started the iperf3 server.  I then ran tailscale on my astlinux gateway and then from astlinux ran iperf3 client.
> 
> Without any tunneling the speed was 700 Mbps sending and 800 Mbps receiving.  This is probably running into rate throttling at the remote hosting provider (my native speedtest is 2.5Gbps over fiber).
> Running over wireguard the speed dropped to 450 Mbps sending, 400 Mbps receiving.
> Running over tailscale the speed was 330 Mbps sending, 400 Mbps receiving.
> 
> Thus for all practical purposes, there really isn't much difference between tailscale and wireguard.  Tailscale is notably slower in upload (from astlinux) direction, but equivalent for download.
> 
> My astlinux is running as a VM on proxmox.  I decided to create a LXC container on proxmox and in that run both wireguard and tailscale.  This eliminates any physical networking... all traffic will be over linux bridge / virtio. And repeated iperf3 tests from astlinux.
> 
> Without any tunneling the speed was 70 Gbps sending and 90 Gbps receiving. Wow!
> Running over wireguard the speed dropped to 3.75 Gpps sending, 3.75 Gpps receiving.  Thus the CPU load for encryption/decryption is clear.
> Running over tailscale the speed was 2 Gbps sending, 6 Gps receiving. Er, what?  This was consistent over multiple runs.
> 
> I have observed differences in speed when running iperf3 in "reverse" mode, but nothing like what I saw here with tailscale.
> 
> David
> 
> On Sun, Apr 27, 2025 at 4:24 PM David Kerr <da...@ke...> wrote:
> Thanks for the suggestion, I might just try that.
> 
> I have observed in the past that go-lang produces very large binaries.  I think it binds in all the dependencies it needs and does not link to external libraries.
> 
> I was not aware that tailscale does not use the kernel Wireguard, that is a pity.  I'll have to run a few iPerf3's and compare.
> 
> Tailscale is really easy to setup, so I have found myself using it more and more.
> 
> David
> 
> On Sun, Apr 27, 2025 at 2:15 PM Lonnie Abelbeck <li...@lo...> wrote:
> 
> > On Apr 27, 2025, at 12:12 PM, David Kerr <Da...@Ke...> wrote:
> > 
> > How easy would it be to add the tailscale package to AstLinux?  The package was added to buildroot a few months ago...
> > 
> > https://gitlab.com/buildroot.org/buildroot/-/commit/0f34e78818c9bc28a7a0e590bb73d72e616919f4
> > 
> > But I'm worried that AstLinix has not kept up-to-date with buildroot's package and makefile syntax/capabilities.  So I thought I would ask here before I spend any time trying to make it work.
> > 
> > Thanks,
> > David
> 
> Indeed, our Buildroot does not support building go-lang packages from source.
> 
> An option is to use precompiled "amd64" binaries [1] [2]
> --==--
> minipc ~ # cd /mnt/kd
> minipc kd # mkdir tailscale
> minipc kd # cd tailscale/
> minipc tailscale # curl -O https://pkgs.tailscale.com/stable/tailscale_1.82.5_amd64.tgz
> 
> minipc tailscale # tar xzvf tailscale_1.82.5_amd64.tgz 
> tailscale_1.82.5_amd64/
> tailscale_1.82.5_amd64/tailscaled
> tailscale_1.82.5_amd64/tailscale
> tailscale_1.82.5_amd64/systemd/
> tailscale_1.82.5_amd64/systemd/tailscaled.service
> tailscale_1.82.5_amd64/systemd/tailscaled.defaults
> 
> minipc tailscale # ls -l tailscale_1.82.5_amd64/tailscale*
> -rwxr-xr-x    1 root     root      20590744 Apr 17 15:00 tailscale_1.82.5_amd64/tailscale
> -rwxr-xr-x    1 root     root      38472562 Apr 17 15:00 tailscale_1.82.5_amd64/tailscaled
> --==--
> 
> Note the two binaries are almost 60 MB, about the compressed AstLinux size!
> 
> Also note that tailscale uses the slower go-lang version of WireGuard, not the kernel version.
> 
> For AstLinux use, I would stick with the native, kernel based WireGuard.  But you may be able to get the precompiled "amd64" binaries to work.
> 
> Lonnie
> 
> [1] https://pkgs.tailscale.com/stable/#static
> 
> [2]
> 
> minipc tailscale # tailscale_1.82.5_amd64/tailscaled -version
> 1.82.5
>   tailscale commit: dec88625eafdcac4dfae8f592705919184ec4df7
>   other commit: ec2eb973098fbcd878430fcda1496ca04b9b7328
>   go version: go1.24.2
> 
> 
> minipc tailscale # tailscale_1.82.5_amd64/tailscale --help 
> The easiest, most secure way to use WireGuard.
> 
> USAGE
>   tailscale [flags] <subcommand> [command flags]
> 
> For help on subcommands, add --help after: "tailscale status --help".
> 
> This CLI is still under active development. Commands and flags will
> change in the future.
> 
> SUBCOMMANDS
>   up          Connect to Tailscale, logging in if needed
>   down        Disconnect from Tailscale
>   set         Change specified preferences
>   login       Log in to a Tailscale account
>   logout      Disconnect from Tailscale and expire current node key
>   switch      Switch to a different Tailscale account
>   configure   Configure the host to enable more Tailscale features
>   syspolicy   Diagnose the MDM and system policy configuration
>   netcheck    Print an analysis of local network conditions
>   ip          Show Tailscale IP addresses
>   dns         Diagnose the internal DNS forwarder
>   status      Show state of tailscaled and its connections
>   metrics     Show Tailscale metrics
>   ping        Ping a host at the Tailscale layer, see how it routed
>   nc          Connect to a port on a host, connected to stdin/stdout
>   ssh         SSH to a Tailscale machine
>   funnel      Serve content and local servers on the internet
>   serve       Serve content and local servers on your tailnet
>   version     Print Tailscale version
>   web         Run a web server for controlling Tailscale
>   file        Send or receive files
>   bugreport   Print a shareable identifier to help diagnose issues
>   cert        Get TLS certs
>   lock        Manage tailnet lock
>   licenses    Get open source license information
>   exit-node   Show machines on your tailnet configured as exit nodes
>   update      Update Tailscale to the latest/different version
>   whois       Show the machine and user associated with a Tailscale IP (v4 or v6)
>   drive       Share a directory with your tailnet
>   completion  Shell tab-completion scripts
> 
> FLAGS
>   --socket value
>         path to tailscaled socket (default /var/run/tailscale/tailscaled.sock)
> 
> 
> 
> 
> _______________________________________________
> Astlinux-devel mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-devel
> _______________________________________________
> Astlinux-devel mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-devel